<?php
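// Start the session before any output is sent; further down this page keeps the
// selected order number in $_SESSION['bestelnr'].
session_start();
// Everything below, including the admin login check in inDB(), runs mysql_*
// calls that presumably use the connection this file opens (TODO confirm).
// `require` stops the request when the file cannot be loaded, whereas `include`
// would only emit a warning and let the page continue without its database setup.
  require('../include/db_connect.php');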

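/**
 * Check the HTTP Basic credentials of the current request against the USERNAME table.
 *
 * Only rows with admin = 1 and status = 'act' can match. The user name is
 * compared with BINARY, so the match is byte-for-byte rather than by collation.
 *
 * @return mixed the idUSERNAME of the matching row, or false when the request
 *               carries no credentials or no row matches
 */
function inDB(){
    // Without credentials there is nothing to look up; returning here also avoids
    // reading undefined $_SERVER entries and running a pointless query.
    if (!isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
        return false;
    }

    // SECURITY: the user name is taken verbatim from the Authorization header of an
    // unauthenticated request, so it must be escaped before it is placed inside the
    // quoted SQL literal below.
    // NOTE(review): mysql_real_escape_string() depends on the character set of the
    // open connection - presumably configured in db_connect.php; confirm. The
    // ext/mysql API used in this file was removed in PHP 7; the durable fix is a
    // move to mysqli or PDO with prepared statements.
    $userName = mysql_real_escape_string($_SERVER['PHP_AUTH_USER']);

    // NOTE(review): passwords are stored as unsalted MD5, which is cheap to
    // brute-force once the table leaks. Switching to password_hash() /
    // password_verify() needs a re-hash of the stored values and cannot be done
    // inside this function alone. The hex digest is safe to embed as-is.
    $password = md5($_SERVER['PHP_AUTH_PW']);

    $queryL = "SELECT idUSERNAME, gebruikers_naam, wachtwoord FROM USERNAME
                  WHERE BINARY
                  gebruikers_naam='".$userName."'
                  AND
                  wachtwoord='".$password."'
                  AND
                  admin = 1
                  AND
                  status='act'";

    $resL = mysql_query($queryL);
    if ($resL === false) {
        // The caller is not authenticated at this point: keep the database error
        // text in the server log instead of printing it into the response.
        error_log('inDB: ' . mysql_error());
        die('kan niet uitvoeren');
    }

    $usR = mysql_fetch_array($resL);
    if ($usR === false) {
        return false;
    }

    return $usR['idUSERNAME'];
}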

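$usR = inDB();

// Decide the outcome of the login check once, and send the 401 challenge here,
// before the first byte of page output. header() only works while no output has
// been sent; the stylesheet below is output, so issuing the challenge after it
// depends on output buffering being enabled and otherwise fails with a
// "headers already sent" warning and a 200 response.
// NOTE(review): Basic credentials are resent, merely base64-encoded, with every
// request - confirm this directory is only reachable over HTTPS.
$accessDenied = !isset($_SERVER['PHP_AUTH_USER']) || $usR === false;
if ($accessDenied) {
    header('WWW-Authenticate: Basic realm="Vul je gebruikersnaam en wachtwoord in"');
    header('HTTP/1.0 401 Unauthorized');
}

?>
<style type="text/css">
div#noPermission{
margin-left:auto;
margin-right:auto;
text-align:center;
}
#noPermission a{
text-decoration:none;
color: #000000;
}
#noPermission a:hover{
text-decoration:none;
color: #ff0000;
}
#noPermissionImage a{
margin-top:-30px;
margin-left:auto;
margin-right:auto;
background-image:url('images_admin/icon_stop.png');
display:block;
width:512px;
height:512px;
text-decoration:none;
color: #000000;
}
#noPermissionImage a:hover{
margin-top:-30px;
margin-left:auto;
margin-right:auto;
background-image:url('images_admin/icon_stop2.png');
display:block;
width:512px;
height:512px;
text-decoration:none;
color: #ff0000;
}
</style>
<?php
if ($accessDenied) {
    // Body of the 401 response: a static "no authorisation" notice that links back
    // to the public index. Nothing request-derived is printed here.
    echo '<div id="noPermission">';
    echo '<h1> U heeft geen authorisatie om hier te komen.</h1><br>';
    echo '<div id="noPermissionImage">';
    echo '<a href="../index.php"></a>';
    echo '</div>';
    echo '<h1> <a href="../index.php">Klik hierom terug te gaan naar de index site</a> </h1><br>';
    echo '</div>';
} else {
    // Authenticated admin: the rest of the page, up to the closing brace after the
    // footer include, is only produced inside this branch.

?>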
<script type="text/javascript">
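// Suffix of the "page…" element that is currently visible.
var current = "1";

/**
 * Show the element with id "page" + id and hide the one shown before.
 *
 * @param {string|number} id suffix of the element id to show
 * @returns {false|undefined} false when the DOM lookup is unavailable or the
 *          requested element does not exist; otherwise nothing
 */
function pageSwitch(id){
	if(!document.getElementById) return false;
	var target = document.getElementById("page"+id);
	var shown = document.getElementById("page"+current);
	// An unknown id used to throw on the null element; keep the current page
	// visible and leave `current` untouched instead.
	if(!target) return false;
	if(shown) shown.style.display = "none";
	target.style.display = "block";
	current = id;
}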
</script>
		<style type="text/css" media="screen"><!--
.hiddenDiv {
	display: none;
	}
.visibleDiv {
	display: block;
	border: /1px grey solid;
	}

--></style>
		<!-- Start of Page Header -->
		
	<?php include("include/admin_header.php"); ?>


		<!-- End of Page Header -->
	<?php include("include/admin_menu.php"); ?>


<?php


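// The database connection is set up by ../include/db_connect.php. A commented-out
// block of mysql_connect() calls with a literal host, account name and password
// used to sit here; it was removed because credentials kept in source, even inside
// a comment, travel with every copy of the file.
// NOTE(review): treat the values that were listed here as exposed and rotate them.

	echo "<div id='super_main_content'>";

// SECURITY: bestelnr comes from the query string and ends up, unquoted, in the
// three SQL statements below. It is compared against a numeric id column, so it is
// forced to an integer before it is stored or used; anything else could rewrite
// the queries.
if (isset($_GET['bestelnr'])) {
    $_SESSION['bestelnr'] = (int) $_GET['bestelnr'];
}

// The session value is cast again because it may have been stored by a request
// that predates the cast above.
$idBesteling = isset($_SESSION['bestelnr']) ? (int) $_SESSION['bestelnr'] : 0;
if ($idBesteling <= 0) {
    // No usable order number (presumably ids start at 1 - confirm): stop, as the
    // page previously did through a failing query.
    die("Ongeldig bestelnummer");
}

// $result1: order lines (product id, price, quantity, product name).
$result1 = mysql_query("SELECT PRODUCT_idPRODUCT,BESTELLING_has_PRODUCT.prijs,aantal,naam FROM BESTELLING_has_PRODUCT,PRODUCT,USER_DATA,ADRES where BESTELLING_USERNAME_idUSERNAME=USERNAME_idUSERNAME and ADRES_idADRES=idADRES and PRODUCT_idPRODUCT=idPRODUCT and BESTELLING_idBESTELLING = ".$idBesteling ." group by (idPRODUCT) ") or die("kan niet uitvoeren1");
// $result2: name and address of the customer who placed the order.
$result2 = mysql_query("SELECT voornaam,tussenvoegsel,achternaam,straat_naam,huis_nummer,toevoeging,postcode,woonplaats FROM BESTELLING_has_PRODUCT,PRODUCT,USER_DATA,ADRES where BESTELLING_USERNAME_idUSERNAME=USERNAME_idUSERNAME and ADRES_idADRES=idADRES and PRODUCT_idPRODUCT=idPRODUCT and BESTELLING_idBESTELLING = ".$idBesteling ." group by (idPRODUCT) ") or die("kan niet uitvoeren2");
// $result3: delivery type, cancellation date and status of the order itself.
$result3 = mysql_query("select bezorgtype,datum_geannuleerd,status from BESTELLING where idBESTELLING = ".$idBesteling) or die ("kan niet uitvoren3") ;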

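// SECURITY: every value printed below is either the order number from the request
// or a column read from the database (names, address and product data that were
// presumably entered by customers - confirm). Each one is HTML-escaped at the point
// where it is written, so markup stored in a row cannot run in the admin's browser.
// ENT_SUBSTITUTE only exists from PHP 5.4 on; older runtimes use plain ENT_QUOTES.
// NOTE(review): no charset is passed, so htmlspecialchars() uses the runtime
// default - confirm it matches the encoding of the database connection.
$htmlFlags = defined('ENT_SUBSTITUTE') ? (ENT_QUOTES | constant('ENT_SUBSTITUTE')) : ENT_QUOTES;

echo "<div align='center'>";
echo "<h1>Bestelnummer: ".htmlspecialchars((string) $idBesteling, $htmlFlags)."</h1><br>";

// Customer name and address (first row of $result2).
echo "</br><h2> Adresgegevens </h2><br>";

$table = mysql_fetch_assoc($result2);
echo "<h3><b>";
echo htmlspecialchars($table['voornaam'], $htmlFlags)."  ";
if (isset($table['tussenvoegsel'])) {
    echo htmlspecialchars($table['tussenvoegsel'], $htmlFlags)." ";
}
echo htmlspecialchars($table['achternaam'], $htmlFlags)." </br>";
echo htmlspecialchars($table['straat_naam'], $htmlFlags)." ".htmlspecialchars($table['huis_nummer'], $htmlFlags);
if (isset($table['toevoeging'])) {
    echo htmlspecialchars($table['toevoeging'], $htmlFlags)." ";
}
echo " <br>".htmlspecialchars($table['postcode'], $htmlFlags)." ".htmlspecialchars($table['woonplaats'], $htmlFlags)." ";
echo "</b></h3>";

// Delivery details (first row of $result3).
echo "</br> <h1>Aflevering </h1> </br>";
$table = mysql_fetch_assoc($result3);

echo "<b>Bezorging: </b><i style='font-size:12px;'>".htmlspecialchars($table['bezorgtype'], $htmlFlags)." </i><br>";

// A non-null cancellation date marks the order as cancelled.
if (isset($table['datum_geannuleerd'])) {
    echo "<h1><b><i>Deze bestelling is geannuleerd op :</b></i></h1>".htmlspecialchars($table['datum_geannuleerd'], $htmlFlags);
}

echo "</br> <h1>Bestelling </h1> </br>";

echo "<hr />";
echo "</br>";

// Order lines: one table row per product, with a running total.
echo "<table><tr>  <td><b>Artikel</b></td> <td align='center'><b>Artikel naam</b></td> <td><b>Aantal</b></td> <td><b>Prijs</b></td> <td>Subtotaal</td></tr>";
$totaal = 0.0;
while ($table = mysql_fetch_assoc($result1)) {
    // No discount is applied here: per the original author it has to be settled
    // when the order is placed, so the stored price is already final.
    $subtotaal = $table['prijs'] * $table['aantal'];

    echo "<tr><td> ".htmlspecialchars($table['PRODUCT_idPRODUCT'], $htmlFlags)." </td>  <td><i>".htmlspecialchars($table['naam'], $htmlFlags)."</i></td> <td align='center'>".htmlspecialchars($table['aantal'], $htmlFlags)."</td>  <td>".htmlspecialchars($table['prijs'], $htmlFlags)."</td> <td align='right'> ".$subtotaal."</td>";

    $totaal = $totaal + $subtotaal;
}

echo "</tr></table>";
echo "</br>";
echo "<hr />";
echo "</br>";

// Show the total with a decimal comma.
$totaal = str_replace('.', ',', $totaal);
echo "</div>";
echo "<div align='center'><h1>Totaal = &euro; ".$totaal." </h1></div>";

// Button that hands the order over to orders.php for processing.
// NOTE(review): this triggers a state-changing action through a GET request and
// carries no anti-CSRF token. orders.php is outside this file, so the method is
// left unchanged here; it should become a POST with a per-session token there.
echo "<form action='orders.php' method='GET'>";
echo '<input name="Hidden1" type="hidden" value="'.htmlspecialchars((string) $idBesteling, $htmlFlags).'">';
echo "<div align='center'><input name='afhandelen' type='Submit' value='Afhandelen'></div>";
echo "</form>";
echo "</div>";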

?>


	<?php include("include/admin_footer.php"); 
}
?>







